MIRRORS/linux-imx
1
0
Fork 0
mirror of https://github.com/nxp-imx/linux-imx.git synced 2025-07-07 01:45:18 +02:00
Code Issues Actions Packages Projects Releases Wiki Activity

UPSTREAM: f2fs: prevent possible int overflow in dir_block_index()

Browse Source 
The result of multiplication between values derived from functions
dir_buckets() and bucket_blocks() *could* technically reach
2^30 * 2^2 = 2^32.

While unlikely to happen, it is prudent to ensure that it will not
lead to integer overflow. Thus, use mul_u32_u32() as it's more
appropriate to mitigate the issue.

Found by Linux Verification Center (linuxtesting.org) with static
analysis tool SVACE.

Fixes: 3843154598 ("f2fs: introduce large directory support")
Cc: stable@vger.kernel.org
Change-Id: If95a55dc62b75eeff2b97bbdb84854e5dbb44dd7
Signed-off-by: Nikita Zhandarovich <n.zhandarovich@fintech.ru>
Reviewed-by: Chao Yu <chao@kernel.org>
Signed-off-by: Jaegeuk Kim <jaegeuk@kernel.org>
(cherry picked from commit 47f268f33d)
This commit is contained in:
Nikita Zhandarovich 2024-07-24 10:05:44 -07:00 committed by Matthias Männich
parent 58c6526f60
commit bb83cf0c84
1 changed files with 2 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
fs/f2fs/dir.c
View File

@ -157,7 +157,8 @@ static unsigned long dir_block_index(unsigned int level,
unsigned long bidx = 0;
for (i = 0; i < level; i++)
bidx += dir_buckets(i, dir_level) * bucket_blocks(i);
bidx += mul_u32_u32(dir_buckets(i, dir_level),
bucket_blocks(i));
bidx += idx * bucket_blocks(level);
return bidx;
}